Recently, the Federal Reserve Board (Fed) published its annual Financial System Cybersecurity and Resilience Report outlining the steps it has taken to strengthen cybersecurity in the financial services sector, including the supervision and regulation of financial institutions and third-party service providers.
The report highlights an increase in the number of cyber threats. Ransomware, in particular, has been rampant, and the effects of ransomware attacks could be particularly deleterious for small banking organizations. The increase in geopolitical events, such as Russia’s invasion of Ukraine, has also led to a potential increase in cyberattacks in the United States, which could affect financial systems. Finally, the Fed recognizes that a cyberattack originating from a vendor or third party could impact banks through a supply chain compromise.
Putting it into practice: The report highlights the importance the Fed has placed on cyber risk mitigation and cyber resilience initiatives and reminds financial institutions that as risks increase, they must prioritize their cybersecurity protocols and should use Fed guidance to mitigate risk. This latest report is in line with previous Fed, OCC, and FDIC regulations to improve information sharing about cyber incidents that could affect the U.S. banking system, which, among other things, require banking organizations to notify their primary federal regulator no later than 36 hours after a determination that a “computer security incident” has reached the level of a “notification incident” (we have discussed this regulation in previous blog posts here and here).